Online Forums
Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.
Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.
Do not use the Contact page for technical issues.
- Forum
- Discussions
- QuickOPC-UA in .NET
- Connections, Reconnections, Certificates
- Deadlock involving UAClientEngineBase.Reconnector
Deadlock involving UAClientEngineBase.Reconnector
03 Apr 2024 12:51 #12715
by support
Replied by support on topic Deadlock involving UAClientEngineBase.Reconnector
Hello,
thank you for the additional information.
I am not answering your question on purpose, because, as you will see from my explanation below, client-side checks have nothing to do with this particular issue.
This error is reported *by the server*. The client cannot ignore it even if it wanted to - the server does not actually open the session.
What has happened is your application is now reusing the client certificate from some previous run with an older version, but it has changed its OPC UA Application Uri (which gets determined automatically unless you want to set is explicitly); the change has occurred because we have changed the default way the OPC UA Application Uri is created.
The recommended solution is to remove the application certificate from the certificate store, which will cause your app to regenerate the certificate - now with the proper Application Uri - and then reestablish the trust on the server side.
The alternative solution would be to keep the old certificate (and no need to reestablish the trust on the server), but set the application URI explicitly in your application code.
Either way you decide, if you need more instructions, let me know and I will guide you through.
Best regards
thank you for the additional information.
I am not answering your question on purpose, because, as you will see from my explanation below, client-side checks have nothing to do with this particular issue.
This error is reported *by the server*. The client cannot ignore it even if it wanted to - the server does not actually open the session.
What has happened is your application is now reusing the client certificate from some previous run with an older version, but it has changed its OPC UA Application Uri (which gets determined automatically unless you want to set is explicitly); the change has occurred because we have changed the default way the OPC UA Application Uri is created.
The recommended solution is to remove the application certificate from the certificate store, which will cause your app to regenerate the certificate - now with the proper Application Uri - and then reestablish the trust on the server side.
The alternative solution would be to keep the old certificate (and no need to reestablish the trust on the server), but set the application URI explicitly in your application code.
Either way you decide, if you need more instructions, let me know and I will guide you through.
Best regards
Please Log in or Create an account to join the conversation.
03 Apr 2024 12:42 #12714
by sd
Replied by sd on topic Deadlock involving UAClientEngineBase.Reconnector
The full message:
UA SDK error (Opc.UA.ServiceResult=0x80170000) in 'static Session.Create'. OPC UA service result - {BadCertificateUriInvalid}. The URI specified in the ApplicationDescription does not match the URI in the certificate. BadCertificateUriInvalid
+ Connection attempt #3; last connected at 01/01/0001 00:00:00 (local); unconnected for 00:01:07.0630000.
+ This error can be reported by the OPC-UA server if the client application URI has changed but an old application instance certificate was kept. Try to remove and recreate the application instance certificate.
+ Application URI from the effective application manifest: uri:Laptop-Stijn:Arkite%20Workstation:1
+ Own certificate subject URL name from certificate sub-id "": urn:Laptop-Stijn:Arkite Workstation
+ The client method called (or event/callback invoked) was 'BrowseMultiple[1]'.
What about my other question on disabling the checks all together?
UA SDK error (Opc.UA.ServiceResult=0x80170000) in 'static Session.Create'. OPC UA service result - {BadCertificateUriInvalid}. The URI specified in the ApplicationDescription does not match the URI in the certificate. BadCertificateUriInvalid
+ Connection attempt #3; last connected at 01/01/0001 00:00:00 (local); unconnected for 00:01:07.0630000.
+ This error can be reported by the OPC-UA server if the client application URI has changed but an old application instance certificate was kept. Try to remove and recreate the application instance certificate.
+ Application URI from the effective application manifest: uri:Laptop-Stijn:Arkite%20Workstation:1
+ Own certificate subject URL name from certificate sub-id "": urn:Laptop-Stijn:Arkite Workstation
+ The client method called (or event/callback invoked) was 'BrowseMultiple[1]'.
What about my other question on disabling the checks all together?
Please Log in or Create an account to join the conversation.
03 Apr 2024 12:12 #12712
by support
Replied by support on topic Deadlock involving UAClientEngineBase.Reconnector
Hello.
The [...] in the message texts means that there is more information available. Please display the the ErrorMessage (Message) of the operation result or exception instead (currently this is just ToString() or ErrorMessageBrief/GetMessageBrief()), that will give us more information. I cannot reasonably answer your questions without this information. For example, the BadCertificateUriInvalid may (or may not) actually come from the server, and may be complaining about the client certificate.
Regards
The [...] in the message texts means that there is more information available. Please display the the ErrorMessage (Message) of the operation result or exception instead (currently this is just ToString() or ErrorMessageBrief/GetMessageBrief()), that will give us more information. I cannot reasonably answer your questions without this information. For example, the BadCertificateUriInvalid may (or may not) actually come from the server, and may be complaining about the client certificate.
Regards
Please Log in or Create an account to join the conversation.
03 Apr 2024 11:52 #12711
by sd
Replied by sd on topic Deadlock involving UAClientEngineBase.Reconnector
Upgrading from QuickOPC 5.63 to 5.80, the certificate rules seem to be more strict, I get this error:
UA SDK error (Opc.UA.ServiceResult=0x80170000) in 'static Session.Create'. OPC UA service result - {BadCertificateUriInvalid}. The URI specified in the
ApplicationDescription does not match the URI in the certificate. BadCertificateUriInvalid [...]
The mismatch seems to be there indeed, connecting to "opc.tcp://localhost:49320" does not match the certificate (this worked in version 5.63):
Server certificate:
X509v3 Subject Alternative Name:
URI:urn:Laptop-Stijn:Kepware.KEPServerEX.V6:UA%20Server, DNS:Laptop-Stijn
But connecting to "opc.tcp://Laptop-Stijn:49320" produces this error:
UA SDK error (Opc.UA.ServiceResult=0x808A0000) in 'DiscoveryClient.GetEndpoints'. OPC UA service result - Error establishing a connection: BadNotConnected. [...]
In an attempt to temporarily get around this, I tried below code, but it still doesn't accept the server certificate. What else needs to be set for it to ignore certificates?
var parameters = EasyUAClientCore.SharedParameters.EngineParameters;
var policy = UACertificateAcceptancePolicy.TestingInsecure;
parameters.CertificateAcceptancePolicy = policy;
parameters.HttpsCertificateAcceptancePolicy = policy;
So my questions are:
- How can I get the certificates working again?
- Can I (temporarily) disable certificate checks all together?
UA SDK error (Opc.UA.ServiceResult=0x80170000) in 'static Session.Create'. OPC UA service result - {BadCertificateUriInvalid}. The URI specified in the
ApplicationDescription does not match the URI in the certificate. BadCertificateUriInvalid [...]
The mismatch seems to be there indeed, connecting to "opc.tcp://localhost:49320" does not match the certificate (this worked in version 5.63):
Server certificate:
X509v3 Subject Alternative Name:
URI:urn:Laptop-Stijn:Kepware.KEPServerEX.V6:UA%20Server, DNS:Laptop-Stijn
But connecting to "opc.tcp://Laptop-Stijn:49320" produces this error:
UA SDK error (Opc.UA.ServiceResult=0x808A0000) in 'DiscoveryClient.GetEndpoints'. OPC UA service result - Error establishing a connection: BadNotConnected. [...]
In an attempt to temporarily get around this, I tried below code, but it still doesn't accept the server certificate. What else needs to be set for it to ignore certificates?
var parameters = EasyUAClientCore.SharedParameters.EngineParameters;
var policy = UACertificateAcceptancePolicy.TestingInsecure;
parameters.CertificateAcceptancePolicy = policy;
parameters.HttpsCertificateAcceptancePolicy = policy;
So my questions are:
- How can I get the certificates working again?
- Can I (temporarily) disable certificate checks all together?
Please Log in or Create an account to join the conversation.
03 Apr 2024 08:37 #12708
by sd
Replied by sd on topic Deadlock involving UAClientEngineBase.Reconnector
You are right: Lamar 7.0 stopped support for .Net framework, it was added again in 8.0, and removed again in 9.0 (wtf?), I did not notice that. I will try with the latest QuickOPC version.
Please Log in or Create an account to join the conversation.
29 Mar 2024 16:36 - 29 Mar 2024 16:38 #12702
by support
Replied by support on topic Deadlock involving UAClientEngineBase.Reconnector
Hello. Thank you for more info. I do not, however, still see the problem.
I have created a new console project targeting .NET Framework 4.7.2. I have then added following NuGet packages:
- "OpcLabs.QuickOpc" version="5.80.82 (our latest)
- "Lamar" version="8.1.0" (this appears to be the latest Lamar that supports .NET Framework)
I was then able to successfully build the project (no conflict), and it also appears to run. I admitably have not tested further, i.e. cannot tell at the moment if everything works as supposed.
So I do not see any reason why using latest QuickOPC would prevent you from using Lamar under .NET Framework 4.7.2.
The project is attached.
Best regards
I have created a new console project targeting .NET Framework 4.7.2. I have then added following NuGet packages:
- "OpcLabs.QuickOpc" version="5.80.82 (our latest)
- "Lamar" version="8.1.0" (this appears to be the latest Lamar that supports .NET Framework)
I was then able to successfully build the project (no conflict), and it also appears to run. I admitably have not tested further, i.e. cannot tell at the moment if everything works as supposed.
So I do not see any reason why using latest QuickOPC would prevent you from using Lamar under .NET Framework 4.7.2.
The project is attached.
Best regards
Attachments:
Last edit: 29 Mar 2024 16:38 by support.
Please Log in or Create an account to join the conversation.
29 Mar 2024 08:37 #12701
by sd
Replied by sd on topic Deadlock involving UAClientEngineBase.Reconnector
It is actually like this (the DI abstraction has many different implementations, Lamar is just one of them):
My software => QuickOPC => OPCFoundation => Micrsoft.AspNetCore.Server.Kestrel => Microsoft.Extensions.DependencyInjection.Abstractions
My software => Lamar => Microsoft.Extensions.DependencyInjection.Abstractions
QuickOPC demands (via-via) a recent version of Microsoft.Extensions.DependencyInjection.Abstractions, which can only work with a recent version of Lamar (>=7.0). That recent version of Lamar no longer supports .Net framework.
So possible solutions are:
- QuickOPC to have lower (via-via) version restrictions on Microsoft.Extensions.DependencyInjection.Abstractions, so that I can keep on using an old version
- for me to ditch Lamar in favor of another DI implementation
- for me to upgrade to .Net 6-9
Neither is going to happen short-term I believe. I'm now testing with QuickOPC 2022.1, which is the latest one to work with old version of Microsoft.Extensions.DependencyInjection.Abstractions (5.0).
My software => QuickOPC => OPCFoundation => Micrsoft.AspNetCore.Server.Kestrel => Microsoft.Extensions.DependencyInjection.Abstractions
My software => Lamar => Microsoft.Extensions.DependencyInjection.Abstractions
QuickOPC demands (via-via) a recent version of Microsoft.Extensions.DependencyInjection.Abstractions, which can only work with a recent version of Lamar (>=7.0). That recent version of Lamar no longer supports .Net framework.
So possible solutions are:
- QuickOPC to have lower (via-via) version restrictions on Microsoft.Extensions.DependencyInjection.Abstractions, so that I can keep on using an old version
- for me to ditch Lamar in favor of another DI implementation
- for me to upgrade to .Net 6-9
Neither is going to happen short-term I believe. I'm now testing with QuickOPC 2022.1, which is the latest one to work with old version of Microsoft.Extensions.DependencyInjection.Abstractions (5.0).
Please Log in or Create an account to join the conversation.
28 Mar 2024 17:27 #12700
by support
Replied by support on topic Deadlock involving UAClientEngineBase.Reconnector
Hello.
I do not see a dependency of Microsoft.Extensions.DependencyInjection.Abstractions on Lamar. Are you sure you are interpreting the problem right?
Regards
I do not see a dependency of Microsoft.Extensions.DependencyInjection.Abstractions on Lamar. Are you sure you are interpreting the problem right?
Regards
Please Log in or Create an account to join the conversation.
28 Mar 2024 15:25 #12699
by sd
Replied by sd on topic Deadlock involving UAClientEngineBase.Reconnector
Microsoft.Extensions.DependencyInjection.Abstractions is the full name, sorry about the confusion.
Please Log in or Create an account to join the conversation.
28 Mar 2024 09:42 #12698
by support
Replied by support on topic Deadlock involving UAClientEngineBase.Reconnector
Hello, and thank you.
I cannot give opinion to your explanation of the dependency conflict, because while "Micrsoft.AspNetCore.Server.Kestrel" is a concrete NuGet package (although misspelled, it should be "Microsoft.AspNetCore.Server.Kestrel", and Lamar is a concrete NuGet package as well, I suppose this one: www.nuget.org/packages/Lamar , I have no idea what it is you refer to as "MS DI abstraction". I would need the true package names involved in the confllict. Or, does the error message truly refer to "MS DI abstraction"? Can you provide it then in full?
Best regards
I cannot give opinion to your explanation of the dependency conflict, because while "Micrsoft.AspNetCore.Server.Kestrel" is a concrete NuGet package (although misspelled, it should be "Microsoft.AspNetCore.Server.Kestrel", and Lamar is a concrete NuGet package as well, I suppose this one: www.nuget.org/packages/Lamar , I have no idea what it is you refer to as "MS DI abstraction". I would need the true package names involved in the confllict. Or, does the error message truly refer to "MS DI abstraction"? Can you provide it then in full?
Best regards
Please Log in or Create an account to join the conversation.
Moderators: support
- Forum
- Discussions
- QuickOPC-UA in .NET
- Connections, Reconnections, Certificates
- Deadlock involving UAClientEngineBase.Reconnector
Time to create page: 0.075 seconds